JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation

JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation—Tegan Brennan, Nicolás Rosner, Tevfik Bultan

Side-channel vulnerabilities in software are caused by an observable imbalance in resource usage across different program paths. We show that just-in-time (JIT) compilation, which is crucial to the runtime performance of modern interpreted languages, can introduce timing side channels in cases where the input distribution to the program is non-uniform. Such timing channels can enable an attacker to infer potentially sensitive information about predicates on the program input. We define three attack models under which such side channels are harnessable and five vulnerability templates to detect susceptible code fragments and predicates. We also propose profiling algorithms to generate the representative statistical information necessary for the attacker to perform accurate inference. We systematically evaluate the strength of these JIT-based side channels on the JavaScript built-in objects String, Math, and Array. We carry out our evaluation using two widely adopted, open-source, JIT-enhanced runtime engines for the Java and JavaScript languages: the Oracle HotSpot Java Virtual Machine and the Google V8 JavaScript engine, respectively. Finally, we demonstrate a few examples of JIT-based side channels in the Apache Shiro security framework and the GraphHopper route planning server, and show that they are observable over the public Internet.
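The mechanism the abstract describes, as an added example that is not code from the paper or its authors: a predicate on the program input written with a data-dependent branch, the same predicate in a branch-free form, and a small harness that warms V8 (Node.js) on a skewed input distribution and then times the common and rare paths separately. The threshold, the two sample inputs and the 99:1 distribution are constructed; whether a measurable gap appears depends on the engine and on what the arms do, so the harness is the measurement, not a guarantee of a leak.

```javascript
// Added example, not from the paper: constructed predicate and inputs.
let sink = 0; // keeps results live so the JIT cannot discard the calls

// Branchy form: which arm runs depends on the input, so a JIT that profiles
// the warm-up traffic may optimise for the common arm and fall back to a
// slower path (or deoptimise) when the rare arm is finally taken.
function branchyCheck(x) {
  if (x < 1000) return x * 3 + 1; // common arm under the skewed distribution
  return x * 7 - 5;               // rare arm
}

// Branch-free form: both arms are computed and a mask selects the result, so
// the work performed does not depend on the predicate. Inputs are kept below
// 2^20 so every intermediate value fits the 32-bit bitwise operators.
function maskedCheck(x) {
  const m = -(x < 1000) | 0;      // -1 (all ones) when x < 1000, else 0
  const a = x * 3 + 1;
  const b = x * 7 - 5;
  return (a & m) | (b & ~m);
}

// Median wall-clock cost in nanoseconds of one call fn(x), over `reps` calls.
function medianNs(fn, x, reps) {
  const samples = [];
  for (let i = 0; i < reps; i++) {
    const t0 = process.hrtime.bigint();
    sink += fn(x);
    samples.push(Number(process.hrtime.bigint() - t0));
  }
  samples.sort((p, q) => p - q);
  return samples[samples.length >> 1];
}

// Warm fn with a skewed distribution (commonRatio of calls take the common
// arm), then report the per-path medians. A consistent gap between them is
// the observable imbalance the abstract describes; comparing the two
// functions shows whether the branch-free form closes it on this engine.
function profilePaths(fn, commonRatio = 0.99, warmups = 200000) {
  for (let i = 0; i < warmups; i++) {
    sink += fn(Math.random() < commonRatio ? 500 : 500000);
  }
  return { commonNs: medianNs(fn, 500, 2000), rareNs: medianNs(fn, 500000, 2000) };
}

console.log('branchy', profilePaths(branchyCheck));
console.log('masked ', profilePaths(maskedCheck));
```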
Comments

Very interesting, especially the case studies. Did these libraries/frameworks specifically use the shown fakeFlag code snippet? I'm asking, as the snippet seems a bit contrived, and would most likely produce insecure programs when compiled using optimizing compilers, due to dead-code analysis. Would a snippet using the "or with the xor" technique also be insecure?

Jmamj